Problems Logging In: How to recover access to your account ?

Gandi provide various methods to retrieve access to your account in case you lose your username or password. They do not allow bypassing any additional security, for obvious reasons. If your account is blocked due to this additional security, you will have to contact customer care to ask for their removal.

If your account is simply protected by a password or if you still have access to the additional security, you can recover access to your account by yourself.

Information

Please note that the more different means of recovery you will have set, the less chance somebody can use them to hack your account.

Even if some methods (TOTP and U2F) are common to both recovery and login security, they can be managed independently. For example, if you set a TOTP to log into your account, you can use if for the recovery too, with the same seed, or you can prefer to use another mean of recovery.

Recovery by Email (5)

Recovery by Email consist of sending an Email with a validation code to the mail address or one of the Email addresses saved in your account. By default, your security Email address (the one you used when creating the account) is used, but you have more addresses. In case you had several Email addresses, one will be chosen randomly during the recovery process, so be sure you will have easy access, all time, to all the addresses you will save in your account.

You can save up to 5 Email addresses to retrieve your account.

How to add an Email address

To save a new recovery Email address, log in your account, then click on your username on the top right of the admin interface.

  • Choose “User settings”.

  • In the block titled “Login and Security Options”, click the button “Recovery options”.

  • Verify the “bullet” button is set to “Recovery options”. Click it if this is not the case.

  • In the block titled “Recovery by Email”, click on “Add Email”.

  • Enter a new email address and validate.

  • Consult your mail client : An email containing the code to enter into the interface should arrive shortly.

  • Validate the code.

You can bypass the validation, but in this case, the Email address will not be used in the recovery process. You can, however, finalize (validate) this email later, by sending a new message using the “plane icon” to the right of the pending mail address.

Email addresses status

Email addresses can have only two statuses: - ACTIVE: Address has been validated with the code, and it would be used in the recovery process. - PENDING: Address has not been validated yet. It would not be used in the recovery process.

Actions on addresses

Depending on the address status, you will have 2 actions possible on each address: - Deleting it, using the red “trashcan” icon. Both ACTIVE and PENDING addresses can be deleted. - Resending the validation code, via the “plane” icon (for pending only). This will resend a new email, containing a new validation code, and will display the window to enter the code.

Note

You will not be able to delete the last Email address to avoid blocking the account recovery, as this is the method Gandi use as default.

Recovery by SMS (3)

Recovery by SMS allow Gandi to send an SMS to a saved phone number with a validation code. If you have several phone numbers, one will be used “randomly” during the recovery process, so be sure to have easy access to all the phones you saved, all time preferably.

You can save up to 3 phone number in your account to recover it.

Add a phone number

To save a new recovery phone number, log in your account, then click on your username on the top right of the admin interface.

  • Choose “User settings”.

  • In the block titled “Login and Security Options”, click the button “Recovery options”.

  • Verify the “bullet” button is set to “Recovery options”. Click it if this is not the case.

  • In the block titled Recovery by SMS, click on the “Add phone number” button.

  • Enter your phone number and validate.

  • You should receive an SMS with a code shortly. To save a new recovery phone number, log in your account, then click on your username on the top right of the admin interface.

  • Choose “User settings”.

  • In the block titled “Login and Security Options”, click the button “Recovery options”.

  • Verify the “bullet” button is set to “Recovery options”. Click it if this is not the case.

  • Enter the code, and validate.

You can bypass the validation to finalize it later, but you will have to use the “plane” icon for a new message with a new code to be sent.

Phone numbers status

Phone numbers can only have two statutes: - ACTIVE: Phone number has been validated with its code and could be used in the recovery process. - PENDING: Phone number has not been validated, and will not be used in a recovery process.

Actions on phone numbers

Depending on the phone number status, you will have 2 actions possible on each number: - Deleting it, using the red “trashcan” icon. Both ACTIVE and PENDING numbers can be deleted. - Resending the validation code, via the “plane” icon (for pending only). This will resend a new SMS, containing a new validation code, and will display the window to enter the code.

Recovery by QR code

Recovery with QR code is preferred if you use a smartphone. It’s a QR code image you save or print and keep in a secure place. When asked for during a recovery process, you just have to scan the QR code, to validate a step of the recovery process.

You can only have one active QR code per account.

Add a QR code

To get a recovery QR code, log in your account, then click on your username on the top right of the admin interface.

  • Choose “User settings”.

  • In the block titled “Login and Security Options”, click the button “Recovery options”.

  • Verify the “bullet” button is set to “Recovery options”. Click it if this is not the case.

  • In the block titled “Recovery by QR code”, click on “Generate a QR Code” button.

  • The website will open a new tab or window, displaying a PDF with the QR code. You can save and/or print the PDF for later use.**In all cases**, save the image or keep the printed document in a secure place!

You will just have to “scan” it when asked, during a recovery process.

Actions on QR code

You can delete any generated QR code, if you lose by example. It will be immediately invalidated, and you will be able to generate a new one. Note that the code is different for each generation.

Note

Depending on your browser, it is possible that you will be prompted to save the PDF file, without displaying it. It will work exactly the same.

Recovery using a Security key ( ∞ )

“Security keys” refers to a series of physical devices (such as FIDO keys) that you plug in your computer to act as “validator” of a step of the recovery process. There is no limit to the number of keys that you can save in your account, however, remember that in case of recovery, you will have to potentially access to “all” keys as any can be asked for.

Security keys are used for double authentication too (MFA), for security during logging in your account, so a same key can be used for both, or only for one of recovery or security.

Add a security key

To save a new recovery phone number, log in your account, then click on your username on the top right of the admin interface.

  • Choose “User settings”.

  • In the block titled “Login and Security Options”, click the button “Recovery options”.

  • Verify the “bullet” button is set to “Recovery options”. Click it if this is not the case.

  • In the block titled “Recovery by Security key”, click on the “Add security key” button.

  • In the popup window, you will have to choose a name for the key. Use one easy for you to recognize the concerned key. By default, the checkbox for the recovery is checked, but you can check the one for security during login too.

  • When done, click on “Continue”.

  • You will be asked to insert the key (if not already done) and to click / touch the button on the key.

  • NOTE: Depending on your browser, it can ask for a permission to access the key (before or after “touching” it.) You will have to accept for the key to be saved.

  • A message indicating the success will be displayed, just click on “Ok, let’s go” to close the window.

You will return to the keys list, and you should see the one you just added, with a Recovery tag and optionally an MFA tag. Please keep in mind that in this case, you will need the key to log into your account.

Important

Some apps or plugins to save your password (like Bitwarden by example), can “interfere” with the process and raise an error. In this case, just deactivate temporarily this app or plugin, reload the page and finalize the addition of your key.

Actions on Security keys

  • Delete (red “trashcan” icon) : You can delete the concerned key, which will not be used anymore during the recovery process.

If you see a MFA tag right of a key, this means it is used for login security too. Deleting such a key will just remove the “recovery role” of this key. It will remain necessary to log into your account. If you want to remove it completely, you will have to “delete” it from “Authentication options” too.

  • Activate account recovery with this device (” ➕ ” icon). In case you have already set a security key to log into your account, it will be displayed here too, with the “plus” icon, so you can add it as a recovery device too. Note that in this case, you will not have to insert the key for this action.

Recovery process

If you forget your username or/and password, you can initiate a recovery process of your Gandi account from the login page: https://id.gandi.net/en/login, using the “Forgot password or username”, or by using directly this link: https://account.gandi.net/en/recover_account

Note

A recovery process does not deactivate the additional security (like IP restriction, TOTP or security key), it lets you retrieve your username or reset your password only. If additional security block your access to your account, you will have to contact Gandi customer care.

The first step of the recovery process will be to enter your username (if you remember it), or one of the email addresses or phone numbers you have saved in the “Recovery options” of your account. Click on “Recover my account” to start the process.

If you use your username or an email address, an email will be sent to one of (or the) email addresses with a code to enter on the new page. Please note that if you entered a wrong email address, no message will be displayed to inform you, as a security measure (shortly, to avoid potential hackers validating email addresses this way). If you used a phone number, you will receive an SMS.

If you don’t receive the message or SMS, just click on “Try another method” to use another mean of recovery available. In case you have several methods saved, you will be asked for additional step(s). For security reasons, even no saved method will be proposed, just skip them with the “Try another method” button.

When all steps have been validated, you will be prompted to enter a new password. Then you will be logged into your account! Do not forget to note your username, at its usual emplacement, the top right of the interface.